Re: v2.6.36-rc8..v2.6.36 regression on NULL pointer deference at disk_replace_part_tbl+0x32

On Thu, Oct 28, 2010 at 10:37 AM, Luis R. Rodriguez <mcgrof@xxxxxxxxx> wrote:
> On Thu, Oct 28, 2010 at 10:25 AM, Luis R. Rodriguez <mcgrof@xxxxxxxxx> wrote:
>> I've filled out a bug report for a regression when I enable USB tether
>> on my Nexus One when hooked up to my laptop. I get a NULL pointer
>> dereference. This is a regression between v2.6.36-rc8 and v2.6.36. I
>> will bisect when I get a chance.
>
> <etc>
>
>> https://bugzilla.kernel.org/show_bug.cgi?id=21372
>
> <etc>
>
>> BUG: unable to handle kernel NULL pointer dereference at 00000000000003a0
>
>> Pid: 22, comm: khubd Not tainted 2.6.36-wl+ #13 6460DWU/6460DWU
>> RIP: 0010:[<ffffffff812aec32>]  [<ffffffff812aec32>] disk_replace_part_tbl+0x32/0x80
>
> <etc>
>
>> Call Trace:
>>
>>  [<ffffffff812aed08>] disk_release+0x28/0x50
>>  [<ffffffff813833f7>] device_release+0x27/0xa0
>>  [<ffffffff812bcd87>] kobject_release+0x47/0x90
>>  [<ffffffff812bcd40>] ? kobject_release+0x0/0x90
>>  [<ffffffff812be1e7>] kref_put+0x37/0x70
>>  [<ffffffff812bcc47>] kobject_put+0x27/0x60
>>  [<ffffffff812bcd40>] ? kobject_release+0x0/0x90
>>  [<ffffffff812aed47>] put_disk+0x17/0x20
>>  [<ffffffff813c3c37>] sg_device_destroy+0x67/0xa0
>>  [<ffffffff813c3bd0>] ? sg_device_destroy+0x0/0xa0
>>  [<ffffffff812be1e7>] kref_put+0x37/0x70
>>  [<ffffffff813c3b9e>] sg_remove+0xfe/0x130
>>  [<ffffffff81383d51>] device_del+0xc1/0x1d0
>>  [<ffffffff81383e76>] device_unregister+0x16/0x30
>>  [<ffffffff813b6e95>] __scsi_remove_device+0xa5/0xc0
>>  [<ffffffff813b322c>] scsi_forget_host+0x5c/0x80
>>  [<ffffffff813aab1f>] scsi_remove_host+0x6f/0x120
>>  [<ffffffffa004c46b>] quiesce_and_remove_host+0x6b/0xc0 [usb_storage]
>>  [<ffffffffa004c592>] usb_stor_disconnect+0x22/0x40 [usb_storage]
>
> Odd, I get 0 results with a:
>
> git log v2.6.36-rc8..v2.6.36 scsiglue.c protocol.c transport.c usb.c
> initializers.c sierra_ms.c option_ms.c
>
> So the issue must be elsewhere unless there was a subsystem change
> that triggered a new issue on usb-storage.

mcgrof@tux ~/linux-2.6-allstable (git::rel-2.6.36)$ git log v2.6.36-rc8..v2.6.36 block/genhd.c

Nothing either:

http://lxr.linux.no/linux+v2.6.32/block/genhd.c#L930

Hrm..

mcgrof@tux ~/wireless-testing (git::stuff2)$ gdb vmlinux
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/mcgrof/wireless-testing/vmlinux...done.
(gdb) l *(disk_replace_part_tbl+0x32)
0xffffffff812aec32 is in disk_replace_part_tbl (include/linux/spinlock.h:310).
305		raw_spin_lock_nest_lock(spinlock_check(lock), nest_lock);	\
306	} while (0)
307	
308	static inline void spin_lock_irq(spinlock_t *lock)
309	{
310		raw_spin_lock_irq(&lock->rlock);
311	}
312	
313	#define spin_lock_irqsave(lock, flags)				\
314	do {	

So that spinlock causes the null pointer dereference somehow.

  Luis
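
The triage step used in this message, resolving the oops RIP with gdb's `l *(symbol+offset)`, can be scripted. The following is an added example, not part of the original post: it parses oops lines (sample constructed from the report quoted above) and builds the gdb invocation; `parse_oops`, `gdb_command`, the `vmlinux` default and the module-object placeholder are names assumed for illustration.

```python
import re

# Constructed sample: a few oops lines taken from the report quoted above.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 00000000000003a0
RIP: 0010:[<ffffffff812aec32>]  [<ffffffff812aec32>] disk_replace_part_tbl+0x32/0x80
Call Trace:
 [<ffffffff812aed08>] disk_release+0x28/0x50
 [<ffffffff812bcd40>] ? kobject_release+0x0/0x90
 [<ffffffff812aed47>] put_disk+0x17/0x20
 [<ffffffffa004c592>] usb_stor_disconnect+0x22/0x40 [usb_storage]
"""

# "[<addr>] [?] symbol+0xoff/0xsize [module]" as printed in the trace above.
FRAME = re.compile(
    r"\[<(?P<addr>[0-9a-f]+)>\]\s+(?P<guess>\?\s+)?"
    r"(?P<sym>[\w.]+)\+(?P<off>0x[0-9a-f]+)/(?P<size>0x[0-9a-f]+)"
    r"(?:\s+\[(?P<mod>\w+)\])?"
)

def parse_oops(text):
    """Return (fault_address, rip_frame, call_trace_frames)."""
    fault, rip, trace = None, None, []
    for line in text.splitlines():
        line = line.lstrip("> \u00a0\u00c2")  # drop mail quoting and mojibake
        m = re.search(r"NULL pointer dereference at ([0-9a-f]+)", line)
        if m:
            fault = int(m.group(1), 16)
            continue
        f = FRAME.search(line)
        if not f:
            continue
        # A "?" marks a frame the unwinder could not verify.
        frame = {"sym": f["sym"], "off": int(f["off"], 16), "size": int(f["size"], 16),
                 "mod": f["mod"], "reliable": f["guess"] is None}
        if line.startswith("RIP:"):
            rip = frame
        else:
            trace.append(frame)
    return fault, rip, trace

def gdb_command(frame, vmlinux="vmlinux"):
    """Build the non-interactive form of `l *(symbol+offset)`."""
    # Module frames need the module's own object file; placeholder, not a real path.
    obj = vmlinux if frame["mod"] is None else f"<{frame['mod']} module object>"
    return f"gdb -batch -ex 'l *({frame['sym']}+{frame['off']:#x})' {obj}"
```
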